<?php

/**
 * Modify employee function
 *
 * Updates an employee's profile information on behalf of an authenticated manager.
 *
 * @author Samantha Gobin <samanthagobin30@gmail.com>
 */
include_once 'UTerrorcode.php';
include_once 'UTcheckAuth.php';
include_once 'UTDBGlobal.php';

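/**
 * Update an employee record on behalf of an authenticated manager.
 *
 * Flow, in order:
 *   1. every required argument must be non-empty (see error offsets below);
 *   2. the caller's credentials are checked with checkAuthentication();
 *   3. the target account ($userName) must exist;
 *   4. the caller's own employee row must have empStatus 'Manager';
 *   5. $dataHash must equal the MD5 of columns 1..9 of the target's current
 *      Employees row (stale-data check);
 *   6. the row is updated.
 *
 * Every value that reaches SQL is either bound as a statement parameter or
 * escaped inside a quoted literal; no argument is concatenated raw into a
 * query.
 *
 * Note that empty() is used for the presence checks, so "0" and 0 count as
 * missing (for example a wage of 0 is rejected with failRead + 1300).
 *
 * @param string      $userAuthName     account name of the caller            (missing: failRead + 100)
 * @param string      $userAuthPassHash caller credential for checkAuthentication() (missing: failRead + 200)
 * @param string      $userName         account name of the employee to edit  (missing or unknown: failRead + 300)
 * @param string      $dataHash         MD5 hex digest the caller computed over the record it last read (missing: failRead + 400)
 * @param string      $empFname         new first name                        (missing: failRead + 500)
 * @param string      $empLname         new last name                         (missing: failRead + 600)
 * @param string      $startDate        new start date                        (missing: failRead + 700)
 * @param string|null $endDate          new end date; null leaves the stored value untouched
 * @param string      $empStatus        new status                            (missing: failRead + 900)
 * @param string      $address          new address                           (missing: failRead + 1000)
 * @param string      $email            new e-mail address                    (missing: failRead + 1100)
 * @param string      $phoneNum         new phone number                      (missing: failRead + 1200)
 * @param string      $wage             new wage                              (missing: failRead + 1300)
 * @return array single-element array holding the result code: ErrorCode::successUpdate,
 *               ErrorCode::authFailUpdate (bad credentials or caller is not a manager),
 *               ErrorCode::integFailUpdate (hash mismatch or record gone), or a failRead code
 */
function modifyEmployee($userAuthName, $userAuthPassHash, $userName, $dataHash, $empFname, $empLname, $startDate, $endDate, $empStatus, $address, $email, $phoneNum, $wage) {
    global $dbaddress;
    global $dbuser;
    global $dbpassword;
    global $dbdatabasename;

    // Required arguments, in the original check order, with the offset added
    // to ErrorCode::failRead when the argument is empty. $endDate is optional.
    $required = array(
        array($userAuthName, 100),
        array($userAuthPassHash, 200),
        array($userName, 300),
        array($dataHash, 400),
        array($empFname, 500),
        array($empLname, 600),
        array($startDate, 700),
        array($empStatus, 900),
        array($address, 1000),
        array($email, 1100),
        array($phoneNum, 1200),
        array($wage, 1300),
    );
    foreach ($required as $check) {
        if (empty($check[0])) {
            return array(ErrorCode::failRead + $check[1]);
        }
    }

    // NOTE(review): the loose comparison accepts any truthy return value as
    // "authenticated". Confirm checkAuthentication() returns a strict boolean
    // and never a non-zero error code.
    if (checkAuthentication($userAuthName, $userAuthPassHash) != true) {
        return array(ErrorCode::authFailUpdate);
    }

    $conn = mysqli_connect($dbaddress, $dbuser, $dbpassword, $dbdatabasename);
    if ($conn === false) {
        // NOTE(review): no dedicated "database unavailable" code is visible in
        // this file; plain failRead is used - confirm against UTerrorcode.php.
        return array(ErrorCode::failRead);
    }

    // Runs a SELECT with exactly one bound string parameter and returns the
    // first row as a numerically indexed array, or null when there is no row
    // or the statement fails. Binding keeps caller-supplied names out of the
    // SQL text. Uses mysqli_stmt_get_result(), which needs the mysqlnd driver.
    $fetchRow = function ($conn, $sql, $value) {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return null;
        }
        $row = null;
        if (mysqli_stmt_bind_param($stmt, 's', $value) && mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result !== false) {
                $row = mysqli_fetch_row($result);
                mysqli_free_result($result);
            }
        }
        mysqli_stmt_close($stmt);
        return is_array($row) ? $row : null;
    };

    // The target lookup runs before the manager check (order kept from the
    // original), so a valid non-manager caller can tell a missing account
    // (failRead + 300) from an existing one (authFailUpdate).
    $targetRow = $fetchRow($conn, "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?", $userName);

    if ($targetRow === null) {
        $error = 300 + ErrorCode::failRead;
    } else {
        $empID = $targetRow[0];

        // Authorisation: the caller's own employee row must say 'Manager'.
        $statusRow = null;
        $managerRow = $fetchRow($conn, "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?", $userAuthName);
        if ($managerRow !== null) {
            $statusRow = $fetchRow($conn, "SELECT empStatus FROM paradigmshift_dev.employees WHERE empID = ?", $managerRow[0]);
        }

        if ($statusRow === null || $statusRow[0] !== 'Manager') {
            $error = ErrorCode::authFailUpdate;
        } else {
            // This read deliberately stays on mysqli_query(): the text protocol
            // returns every column as a string, so the hashed bytes match what
            // a client computed from an ordinary query. empID originates from
            // the database but is still escaped so a stored value cannot alter
            // the statement.
            $safeEmpID = mysqli_real_escape_string($conn, (string) $empID);
            $result = mysqli_query($conn, "SELECT * from Employees WHERE empID = '$safeEmpID'");
            $current = null;
            if ($result instanceof mysqli_result) {
                $current = mysqli_fetch_row($result);
                mysqli_free_result($result);
            }

            if (!is_array($current)) {
                // The record vanished between the two reads; treat it like a
                // stale hash instead of hashing an empty string.
                $error = ErrorCode::integFailUpdate;
            } else {
                // MD5 over columns 1..9 is only a change-detection checksum:
                // anyone who can read the record can compute it, so it is not
                // evidence of authorisation (that is the manager check above).
                $hashMsg = hash('md5', implode('', array_slice($current, 1, 9)));

                // hash_equals() compares as strings. The previous == let two
                // different digests of the form "0e<digits>" compare equal as
                // numbers.
                if (hash_equals($hashMsg, (string) $dataHash)) {
                    if (is_null($endDate)) {
                        // null end date: leave the stored endDate unchanged.
                        $stmt = mysqli_prepare($conn, "UPDATE Employees SET empFname = ?, empLname = ?, startDate = ?, empStatus = ?, address = ?, email = ?, phoneNum = ?, wage = ? WHERE empID = ?");
                        $bound = $stmt !== false
                            && mysqli_stmt_bind_param($stmt, 'sssssssss', $empFname, $empLname, $startDate, $empStatus, $address, $email, $phoneNum, $wage, $empID);
                    } else {
                        $stmt = mysqli_prepare($conn, "UPDATE Employees SET empFname = ?, empLname = ?, startDate = ?, endDate = ?, empStatus = ?, address = ?, email = ?, phoneNum = ?, wage = ? WHERE empID = ?");
                        $bound = $stmt !== false
                            && mysqli_stmt_bind_param($stmt, 'ssssssssss', $empFname, $empLname, $startDate, $endDate, $empStatus, $address, $email, $phoneNum, $wage, $empID);
                    }

                    $updated = $bound && mysqli_stmt_execute($stmt);
                    if ($stmt !== false) {
                        mysqli_stmt_close($stmt);
                    }

                    // Success is reported only when the UPDATE actually ran.
                    // NOTE(review): no dedicated "update failed" code is visible
                    // in this file; plain failRead is used - confirm against
                    // UTerrorcode.php.
                    $error = $updated ? ErrorCode::successUpdate : ErrorCode::failRead;
                } else {
                    $error = ErrorCode::integFailUpdate;
                }
            }
        }
    }

    mysqli_close($conn);

    return array($error);
}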